On Wednesday, February 16, 2022 6:01:48 PM EST Adam Williamson wrote:
> I just tried this, actually, for giggles. Two reasons it's a non-
> starter: it prompts for the root password, not for my user password
> (my user is an 'admin' so far as sudo etc. are concerned, but
> apparently not an 'admin' so far as interactive pkexec is
> concerned).
That is odd. I am never prompted for the root password for anything.
Maybe this is a policy difference between GNOME and KDE.
My supplemental groups:
wheel mock systemd-journal wireshark
> I do not know the root password, it is intentionally a
> 24-character random string I would have to look up. And it prompts
> with one of those goddamn 'secure' GNOME popovers which prevents you
> accessing your password manager, so every time you hit one, you have
> to cancel it, go to your password manager, copy the password it
> wants, then trigger it again.
>
> No way on earth I'm using that.
Again, in KDE, there is a prompt for MY password and it is only modal
as far as the pkexec command is concerned. I can open my password
manager before responding to the prompt (not that I need to, since it
wants my password -- not root's).
Anyway, until this discussion, I never knew there was a pkexec. I
note that pkexec will not operate correctly outside of my KDE session.
It prompts for my password from a terminal session and then fails with
$ pkexec ls
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ====
Authentication is needed to run `/usr/bin/ls' as the super user
Authenticating as: Garry T. Williams (garry)
Password:
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ====
Error executing command as another user: Not authorized
This incident has been reported.
$
Of course, sudo will operate correctly without a desktop session. I
don't think I will be eager to use pkexec instead of sudo.
--
Garry T. Williams
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
